While industry leaders at the World Economic Forum in Davos, Switzerland, called for new rules surrounding data protection, the U.S. Supreme Court announced it will hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. And, the U.S. Federal Trade Commission announced settlements with 12 companies over false claims of alignment with Safe Harbor rules. In this Privacy Tracker roundup, learn about these as well as bills being considered by U.S. state legislatures, how Obama’s NSA plans may affect EU law and more.
In the U.S., FTC v. Wyndham will decide whether the company’s “failure to safeguard personal information caused substantial consumer injury” and whether the FTC even has the authority to regulate data security; the GAO is pushing for comprehensive federal law governing the collection, use and sale of personal data by businesses, and Sen. Franken is calling for regulation over biometric data before the horse leaves the barn. In the EU, the debate over Safe Harbor continues, with Albrecht and Reding saying EU residents need to be able take data privacy complaints to U.S. courts. The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles that cover access to and correction of personal information, and in Canada learn about Alberta’s need to create a new Privacy Act and why Bill C-30 is back in the news. All this and more, in this week’s Privacy Tracker legislative roundup.
In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators.
While much of the news was focused on the EU Data Protection Regulation this week, a few other things of note happened in the legal realm as well. For example, the EU Parliament adopted a resolution to suspend SWIFT based on allegations that the U.S. NSA had access to EU citizen’s bank data; the FTC reached a settlement with Aaron’s, Inc., over the company’s consumer spying regime, and in Ecuador there are concerns that a new penal code could violate citizens’ online privacy. These are just a few of the stories—in addition to information on the LIBE vote and the future of Safe Harbor and the EU regulation—in this week’s Privacy Tracker legislative roundup.
Since the revelation of the NSA’s mass e-surveillance program in June, and in conjunction with the progress of the new General Data Protection Regulation (GDPR) in Brussels, European institutions have been actively reconsidering the terms on which personal data is permitted to cross European borders. One proposal, which has raised a ripple effect of concern through the industry, includes...
This week’s Privacy Tracker legislative roundup highlights changing privacy laws from the U.S. to Bahrain. Revisions to the U.S. Telephone Consumer Protection Act went into effect last week; the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will vote today on amendments to the proposed regulation and directive—including one that would see U.S. companies seeking permission from EU officials before complying with government access requests to EU data, and the Bahrain cabinet has preliminarily approved a data protection law. Meanwhile, the UK Information Commissioner’s Office is considering jail time for breaches at the same time as justifying its fining practices.
Last week saw a new law in South Africa, new guidelines from the Australian privacy commissioner, a new breach notification requirement in effect in the EU and U.S. states tackling big issues like e-mail and location privacy in the absence of forward motion on a federal level. Also, a series of cases in Minnesota questions the liability of government agencies when an employee violates the Driver’s Privacy Protection Act.
New challenges to a Utah surveillance law; an interesting turn of events in a case deciding whether government authorities can extract historical location data directly from telecommunications carriers without a search warrant; legislative initiatives related to FISA and the USA PATRIOT Act; questions about the future of Safe Harbor, and information on developments in Italy, France and Australia.
Safe Harbor is in danger. Organizations that have certified under Safe Harbor should closely monitor the EU’s legislative process and the TTIP for indications about Safe Harbor’s future. And they should give careful thought to contingency plans for handling the personal data of EU data subjects.